package lixp.security.controller;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SecurityController {
    Logger logger = LoggerFactory.getLogger(SecurityController.class);

    @RequestMapping("/hello")
    @PreAuthorize("hasRole('super')")
//    @Secured("ROLE_super")
    public String hello() {
        //hasRole角色定义的时候，数据库中的角色需要ROLE_开头，在注解中只用后面的
        //Secured 在注解中需要全部内容
        return "hello spring security";
    }

    @PostMapping("/login")
    public String login() {
        return "hello spring security";
    }

    @RequestMapping("/manage/menu/update")
    public String test(){
        return "权限测试1---成功";
    }

    @PostMapping("/logout")
    public String logout() {
        return "byebye spring security";
    }


    @RequestMapping("/manage/system/index")
    public String index(){
        return "权限测试2---成功";
    }

    @RequestMapping("/test3")
    @PreAuthorize("hasPermission('/manage/organization/index','upms:organization:read')")
    public String test3(){
        return "权限测试3---成功";
    }
}
